Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Results 1 to 10 of 10

    What does this entry in the log mean?

    This is a discussion on What does this entry in the log mean? within the Sky Broadband help forums, part of the Sky Broadband help and support category; Hi, I've noticed the following in the log appear many times a day and every day since I've migrated to ...

    1. #1
      mattan's Avatar
      mattan is offline Sky User Member
      Exchange: SSSWN
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2012
      Posts
      489
      Thanks
      21
      Thanked 30 Times in 28 Posts

      What does this entry in the log mean?

      Hi,

      I've noticed the following in the log appear many times a day and every day since I've migrated to Sky broadband (just under 2 weeks). Can you tell me what this is as I've never seen this with my previous ISP.

      Oct 16 20:38:36 (none) user.alert kernel: Intrusion -> IN=atm0 OUT= MAC=4c:17:eb:b7:50:f3:00:07:72:cc:86:f2:08:00 src=219.145.124.10 DST=2.218.223.22 LEN=48 TOS=0x00 PREC=0x00 TTL=235 ID=59080 DF PROTO=TCP SPT=8888 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000

      The "SRC" is not always the same, the above seems to be originating in China!! Looks like the firewall is blocking an intrusion?

      Thanks


    2. Advertisement
    3. #2
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: What does this entry in the log mean?

      The firewall is doing its job, looks like you are being probed by a bot or similar.




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

    4. #3
      mattan's Avatar
      mattan is offline Sky User Member
      Exchange: SSSWN
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2012
      Posts
      489
      Thanks
      21
      Thanked 30 Times in 28 Posts

      Re: What does this entry in the log mean?

      Quote Originally Posted by NewsreadeR View Post
      The firewall is doing its job, looks like you are being probed by a bot or similar.
      Sounds painful!

      This must be happening on a range of Sky's IP addresses as I noticed these entries from day 1. Is there anything Sky can do in this case?

    5. #4
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: What does this entry in the log mean?

      No - It happens on any ISP

      Basically it is a rogue network trying to attack your PC etc - It justs spends all day looking for open doors. The Sky router has none by default so it will just move onto scanning a whole range of IP addess etc

      Nothing to worry about and nothing you can do.




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

    6. The Following User Says Thank You to NewsreadeR For This Useful Post:

      mattan (17-10-12)

    7. #5
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: WMDRO
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR101 + Huawei HG612
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,283
      Thanks
      346
      Thanked 154 Times in 148 Posts
      Blog Entries
      1
      Actually you can change the router logging options to suppress these events from appearing (obviously won't stop them happening though!)

      I may be mis-remembering but I think there were more settings on the old Netgear V1Sky router to configure what events were logged and it was possible to suppress logging of these events, but I noticed during my brief initial usage of the 2504n that there were fewer settings and it was not possible to suppress just those events without suppressing other events which were of interest.
      ++ speedyrite ... powered by Sky Broadband since 2007 ++

    8. #6
      mattan's Avatar
      mattan is offline Sky User Member
      Exchange: SSSWN
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2012
      Posts
      489
      Thanks
      21
      Thanked 30 Times in 28 Posts

      Re: What does this entry in the log mean?

      There's very little in the way of suppressing events, other than the ones that show the connection going up/down.

    9. #7
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: WMDRO
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR101 + Huawei HG612
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,283
      Thanks
      346
      Thanked 154 Times in 148 Posts
      Blog Entries
      1
      Quote Originally Posted by mattan View Post
      There's very little in the way of suppressing events, other than the ones that show the connection going up/down.
      I think that's the setting to change to suppress the logging of these attempted intrusions, but unfortunately that then also suppresses logging of other things thay may be if interest.
      ++ speedyrite ... powered by Sky Broadband since 2007 ++

    10. #8
      itype's Avatar
      itype is offline Sky User Member
      Exchange: Basingstoke, THBZ
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR101
      Sky TV: Sky+HD box
      Join Date
      Oct 2007
      Location
      Hampshire
      Posts
      315
      Thanks
      12
      Thanked 3 Times in 2 Posts

      Re: What does this entry in the log mean?

      These was an option on the V1 where you could tick a box that stopped the router from logging port scans and DOS attacks. All the current routers are missing this router, at least on my DG934G it is. Not sure on the Sagem. Chances are there won't be an option to do so.

    11. #9
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: What does this entry in the log mean?

      There is not a lot of choice in the Sagem 2504n
      Attached Thumbnails Attached Thumbnails What does this entry in the log mean?-routerlogs.jpg  




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

    12. #10
      speedyrite's Avatar
      speedyrite is offline Sky User Member
      Exchange: WMDRO
      Broadband ISP: Sky Fibre Unlimited Pro
      Router: Sky Hub SR101 + Huawei HG612
      Sky TV: NOW TV
      Join Date
      Sep 2006
      Posts
      2,283
      Thanks
      346
      Thanked 154 Times in 148 Posts
      Blog Entries
      1

      Re: What does this entry in the log mean?

      Quote Originally Posted by itype View Post
      These was an option on the V1 where you could tick a box that stopped the router from logging port scans and DOS attacks. All the current routers are missing this router, at least on my DG934G it is. Not sure on the Sagem. Chances are there won't be an option to do so.
      Ah yes that's the option I was thinking of!
      ++ speedyrite ... powered by Sky Broadband since 2007 ++

     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION